Problem with PEAP and LDAP

Carlos Martínez-Troncoso Cera cmartinez at
Wed Aug 24 17:58:41 CEST 2005


We are trying to use FreeRadius with PEAP and LDAP.

Our access point is a 3Com 8750, is talking with a FreeRadius 1.0.4, 
Freeradius talks with LDAP
(Sun One Messaging Server 5.1) and our PEAP clients are Windows XP and 2000.
First we configured FreeRadius with LDAP, it works well, then we tried 
to use this with EAP, it works when
we use local users, but when we try to authenticate and authorize PEAP 
users in LDAP, it doesn´t work.

The error is:

modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 5
  rlm_mschap: Told to do MS-CHAPv2 for cmartinez with NT-Password
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 5
modcall: group Auth-Type returns reject for request 5

I was looking how Sun ONE stores the passwords, it uses SSHA (Salted 
Secure Hashing Algoritm),
I think this is the problem, because I suposse it looks for NT-LM 
Hashing passwords, what can I do and where can I find info about it?

Thank you in advance.


More information about the Freeradius-Users mailing list